<html><head><title>Burp Scanner Report</title>
<meta http-equiv="Content-Security-Policy" content="default-src 'none';img-src 'self' data:;style-src 'unsafe-inline'" />
<style type="text/css">
body { background: #dedede; font-family: 'Droid sans', Helvetica, Arial, sans-serif; color: #404042; -webkit-font-smoothing: antialiased; }
#container { width: 930px; padding: 0 15px; margin: 20px auto; background-color: #ffffff; }
table { font-family: Arial, sans-serif; }
a:link, a:visited { color: #ff6633; text-decoration: none; transform: 0.3s; }
a:hover, a:active { color: #e24920; text-decoration: underline; }
h1 { font-size: 1.6em; line-height: 1.4em; font-weight: normal; color: #404042; }
h2 { font-size: 1.3em; line-height: 1.2em; padding: 0; margin: 0.8em 0 0.3em 0; font-weight: normal; color: #404042;}
h4 { font-size: 1.0em; line-height: 1.2em; padding: 0; margin: 0.8em 0 0.3em 0; font-weight: bold; color: #404042;}
.rule { height: 0px; border-top: 1px solid #404042; padding: 0; margin: 20px -15px 0 -15px; }
.title { color: #ffffff; background: #ff6633; margin: 0 -15px 10px -15px; overflow: hidden; }
.title h1 { color: #ffffff; padding: 10px 15px; margin: 0; font-size: 1.8em; }
.title img { float: right; display: inline; padding: 1px; }
.heading { background: #404042; margin: 0 -15px 10px -15px; padding: 0; display: inline-block; overflow: hidden; }
.heading img { float: right; display: inline; margin: 8px 10px 0 10px; padding: 0; }
.code { font-family: 'Courier New', Courier, monospace; }
table.overview_table { border: 2px solid #e6e6e6; margin: 0; padding: 5px;}
table.overview_table td.info { padding: 5px; background: #dedede; text-align: right; border-top: 2px solid #ffffff; border-right: 2px solid #ffffff; }
table.overview_table td.info_end { padding: 5px; background: #dedede; text-align: right; border-top: 2px solid #ffffff; }
table.overview_table td.colour_holder { padding: 0px; border-top: 2px solid #ffffff; border-right: 2px solid #ffffff; }
table.overview_table td.colour_holder_end { padding: 0px; border-top: 2px solid #ffffff; }
table.overview_table td.label { padding: 5px; font-weight: bold; }
table.summary_table td { padding: 5px; background: #dedede; text-align: left; border-top: 2px solid #ffffff; border-right: 2px solid #ffffff; }
table.summary_table td.icon { background: #404042; }
.colour_block { padding: 5px; text-align: right; display: block; font-weight: bold; }
.high_certain { border: 2px solid #f00; background: #f00; }
.high_firm { border: 2px solid #f66; background: #f66; }
.high_tentative { border: 2px solid #fcc; background: #fcc; }
.medium_certain { border: 2px solid #f90; background: #f90; }
.medium_firm { border: 2px solid #ffc266; background: #ffc266; }
.medium_tentative { border: 2px solid #ffebcc; background: #ffebcc; }
.low_certain { border: 2px solid #fe0; background: #fe0; }
.low_firm { border: 2px solid #fff566; background: #fff566; }
.low_tentative { border: 2px solid #fffccc; background: #fffccc; }
.info_certain { border: 2px solid #ababab; background: #ababab; }
.info_firm { border: 2px solid #cdcdcd; background: #cdcdcd; }
.info_tentative { border: 2px solid #eee; background: #eee; }
.row_total { border: 1px solid #dedede; background: #fff; }
.grad_mark { padding: 4px; border-left: 1px solid #404042; display: inline-block; }
.bar { margin-top: 3px; }
.TOCH0 { font-size: 1.0em; font-weight: bold; word-wrap: break-word; }
.TOCH1 { font-size: 0.8em; text-indent: -20px; padding-left: 50px; margin: 0; word-wrap: break-word; }
.TOCH2 { font-size: 0.8em; text-indent: -20px; padding-left: 70px; margin: 0; word-wrap: break-word; }
.BODH0 { font-size: 1.6em; line-height: 1.2em; font-weight: normal; padding: 10px 15px; margin: 0 -15px 10px -15px; display: inline-block; color: #ffffff; background-color: #ff6633; width: 100%; word-wrap: break-word; }
.BODH0 a:link, .BODH0 a:visited, .BODH0 a:hover, .BODH0 a:active { color: #ffffff; text-decoration: none; }
.BODH1 { font-size: 1.3em; line-height: 1.2em; font-weight: normal; padding: 13px 15px; margin: 0 -15px 0 -15px; display: inline-block; width: 100%; word-wrap: break-word; }
.BODH1 a:link, .BODH1 a:visited, .BODH1 a:hover, .BODH1 a:active { color: #404042; text-decoration: none; }
.BODH2 { font-size: 1.0em; font-weight: bold; line-height: 2.0em; width: 100%; word-wrap: break-word; }
.PREVNEXT { font-size: 0.7em; font-weight: bold; color: #ffffff; padding: 3px 10px; border-radius: 10px;}
.PREVNEXT:link, .PREVNEXT:visited { color: #ff6633 !important; background: #ffffff !important; border: 1px solid #ff6633 !important; text-decoration: none; }
.PREVNEXT:hover, .PREVNEXT:active { color: #fff !important; background: #e24920 !important; border: 1px solid #e24920 !important; text-decoration: none; }
.TEXT { font-size: 0.8em; padding: 0; margin: 0; word-wrap: break-word; }
TD { font-size: 0.8em; }
.HIGHLIGHT { background-color: #fcf446; }
.rr_div { border: 2px solid #ff6633; width: 916px; word-wrap: break-word; -ms-word-wrap: break-word; margin: 0.8em 0; padding: 5px; font-size: 0.8em; max-height: 300px; overflow-y: auto; }

div.scan_issue_false_positive_rpt{width: 32px; height: 32px; background-image: url()}
div.scan_issue_high_certain_rpt{width: 32px; height: 32px; background-image: url()}
div.scan_issue_high_firm_rpt{width: 32px; height: 32px; background-image: url()}
div.scan_issue_high_tentative_rpt{width: 32px; height: 32px; background-image: url()}
div.scan_issue_info_certain_rpt{width: 32px; height: 32px; background-image: url()}
div.scan_issue_info_firm_rpt{width: 32px; height: 32px; background-image: url()}
div.scan_issue_info_tentative_rpt{width: 32px; height: 32px; background-image: url()}
div.scan_issue_low_certain_rpt{width: 32px; height: 32px; background-image: url()}
div.scan_issue_low_firm_rpt{width: 32px; height: 32px; background-image: url()}
div.scan_issue_low_tentative_rpt{width: 32px; height: 32px; background-image: url()}
div.scan_issue_medium_certain_rpt{width: 32px; height: 32px; background-image: url()}
div.scan_issue_medium_firm_rpt{width: 32px; height: 32px; background-image: url()}
div.scan_issue_medium_tentative_rpt{width: 32px; height: 32px; background-image: url()}


@media print {
    body { width: 100%; color: #000000; position: relative; }
    #container { width: 98%; padding: 0; margin: 0; }
    h1 { color: #000000; }
    h2 { color: #000000;}
    .rule { margin: 20px 0 0 0; }
    .title { color: #000000; margin: 0 0 10px 0; padding: 10px 0; }
    .title h1 { color: #000000; }
    .title img { margin: -3px 0; }
    .heading { margin: 0 0 10px 0; }
    .BODH0 { color: #000000; }
    .BODH1 { color: #000000; }
    .PREVNEXT { visibility: hidden; display: none; }
    .rr_div { width: 98%; margin: 0.8em auto; max-height: none !important; overflow: hidden; }
}

</style>
</head>
<body>
<div id="container">
<div class="title"><img src="" width="184" height="58"><h1>Burp Scanner Report</h1></div>
<h1>Summary</h1>
<span class="TEXT">The table below shows the numbers of issues identified in different categories. Issues are classified according to severity as High, Medium, Low or Information. This reflects the likely impact of each issue for a typical organization. Issues are also classified according to confidence as Certain, Firm or Tentative. This reflects the inherent reliability of the technique that was used to identify the issue.</span><br><br><table cellpadding="0" cellspacing="0" class="overview_table">
    <tr>
        <td width="70">&nbsp;</td>
        <td width="90">&nbsp;</td>
        <td colspan="4" height="40" align="center" class="label">Confidence</td>
    </tr>
    <tr>
        <td width="70">&nbsp;</td>
        <td width="90">&nbsp;</td>
        <td width="82" height="30" class="info">Certain</td>
        <td width="82" height="30" class="info">Firm</td>
        <td width="82" height="30" class="info">Tentative</td>
        <td width="82" height="30" class="info_end">Total</td>
    </tr>
    <tr>
        <td rowspan="4" valign="middle" class="label">Severity</td>
        <td class="info" height="30">High</td>
        <td class="colour_holder"><span class="colour_block high_certain">3</span></td>
        <td class="colour_holder"><span class="colour_block high_firm">0</span></td>
        <td class="colour_holder"><span class="colour_block high_tentative">0</span></td>
        <td class="colour_holder_end"><span class="colour_block row_total">3</span></td>
    </tr>
    <tr>
        <td class="info" height="30">Medium</td>
        <td class="colour_holder"><span class="colour_block medium_certain">0</span></td>
        <td class="colour_holder"><span class="colour_block medium_firm">0</span></td>
        <td class="colour_holder"><span class="colour_block medium_tentative">0</span></td>
        <td class="colour_holder_end"><span class="colour_block row_total">0</span></td>
    </tr>
    <tr>
        <td class="info" height="30">Low</td>
        <td class="colour_holder"><span class="colour_block low_certain">2</span></td>
        <td class="colour_holder"><span class="colour_block low_firm">0</span></td>
        <td class="colour_holder"><span class="colour_block low_tentative">0</span></td>
        <td class="colour_holder_end"><span class="colour_block row_total">2</span></td>
    </tr>
    <tr>
        <td class="info" height="30">Information</td>
        <td class="colour_holder"><span class="colour_block info_certain">0</span></td>
        <td class="colour_holder"><span class="colour_block info_firm">6</span></td>
        <td class="colour_holder"><span class="colour_block info_tentative">0</span></td>
        <td class="colour_holder_end"><span class="colour_block row_total">6</span></td>
    </tr>
</table><br>
<span class="TEXT">The chart below shows the aggregated numbers of issues identified in each category. Solid colored bars represent issues with a confidence level of Certain, and the bars fade as the confidence level falls.</span><br><br><table cellpadding="0" cellspacing="0" class="overview_table">
    <tr>
        <td width="70">&nbsp;</td>
        <td width="90">&nbsp;</td>
        <td colspan="6" height="40" align="center" class="label">Number of issues</td>
    </tr>
    <tr>
        <td width="70">&nbsp;</td>
        <td width="90">&nbsp;</td>
        <td width="125"><span class="grad_mark">0</span></td>
        <td width="125"><span class="grad_mark">1</span></td>
        <td width="125"><span class="grad_mark">2</span></td>
        <td width="125"><span class="grad_mark">3</span></td>
        <td width="125"><span class="grad_mark">4</span></td>
    </tr>
    <tr>
        <td rowspan="3" valign="middle" class="label">Severity</td>
        <td class="info">High</td>
        <td colspan="5" height="30">
            <table cellpadding="0" cellspacing="0"><tr><td><img class="bar" src="" width="375" height="16"></td><td><img class="bar" src="" width="0" height="16"></td><td><img class="bar" src="" width="0" height="16"></td></tr></table>
        </td>
        <td>&nbsp;</td>
    </tr>
    <tr>
        <td class="info">Medium</td>
        <td colspan="5" height="30">
            <table cellpadding="0" cellspacing="0"><tr><td><img class="bar" src="" width="0" height="16"></td><td><img class="bar" src="" width="0" height="16"></td><td><img class="bar" src="" width="0" height="16"></td></tr></table>
        </td>
        <td>&nbsp;</td>
    </tr>
    <tr>
        <td class="info">Low</td>
        <td colspan="5" height="30">
            <table cellpadding="0" cellspacing="0"><tr><td><img class="bar" src="" width="250" height="16"></td><td><img class="bar" src="" width="0" height="16"></td><td><img class="bar" src="" width="0" height="16"></td></tr></table>
        </td>
        <td>&nbsp;</td>
    </tr>
</table>

<div class="rule"></div>
<h1>Contents</h1>
<p class="TOCH0"><a href="#1">1.&nbsp;Cleartext submission of password</a></p>
<p class="TOCH1"><a href="#1.1">1.1.&nbsp;http://192.168.73.145:8081/login.php</a></p>
<p class="TOCH1"><a href="#1.2">1.2.&nbsp;http://192.168.73.145:8081/vulnerabilities/brute/</a></p>
<p class="TOCH1"><a href="#1.3">1.3.&nbsp;http://192.168.73.145:8081/vulnerabilities/csrf/</a></p>
<p class="TOCH0"><a href="#2">2.&nbsp;Password submitted using GET method</a></p>
<p class="TOCH0"><a href="#3">3.&nbsp;Unencrypted communications</a></p>
<p class="TOCH0"><a href="#4">4.&nbsp;Frameable response (potential Clickjacking)</a></p>
<p class="TOCH1"><a href="#4.1">4.1.&nbsp;http://192.168.73.145:8081/index.php</a></p>
<p class="TOCH1"><a href="#4.2">4.2.&nbsp;http://192.168.73.145:8081/login.php</a></p>
<p class="TOCH1"><a href="#4.3">4.3.&nbsp;http://192.168.73.145:8081/setup.php</a></p>
<p class="TOCH1"><a href="#4.4">4.4.&nbsp;http://192.168.73.145:8081/vulnerabilities/brute/</a></p>
<p class="TOCH1"><a href="#4.5">4.5.&nbsp;http://192.168.73.145:8081/vulnerabilities/csrf/</a></p>
<p class="TOCH1"><a href="#4.6">4.6.&nbsp;http://192.168.73.145:8081/vulnerabilities/exec/</a></p>
<br><div class="rule"></div>
<span class="BODH0" id="1">1.&nbsp;<a href="https://portswigger.net/knowledgebase/issues/details/00300100_cleartextsubmissionofpassword">Cleartext submission of password</a></span>
<br><a class="PREVNEXT" href="#2">Next</a>
<br>
<br><span class="TEXT">There are 3 instances of this issue:
<ul>
<li><a href="#1.1">/login.php</a></li>
<li><a href="#1.2">/vulnerabilities/brute/</a></li>
<li><a href="#1.3">/vulnerabilities/csrf/</a></li>
</ul></span>
<h2>Issue background</h2>
<span class="TEXT"><p>Some applications transmit passwords over unencrypted connections, making them vulnerable to interception. To exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure.</p>
<p>Vulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.</p></span>
<h2>Issue remediation</h2>
<span class="TEXT"><p>Applications should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.</p></span>
<h2>Vulnerability classifications</h2><span class="TEXT"><ul>
<li><a href="https://cwe.mitre.org/data/definitions/319.html">CWE-319: Cleartext Transmission of Sensitive Information</a></li>
</ul></span>
<br><br><div class="rule"></div>
<span class="BODH1" id="1.1">1.1.&nbsp;http://192.168.73.145:8081/login.php</span>
<br><a class="PREVNEXT" href="#1.2">Next</a>
<br>
<h2>Summary</h2>
<table cellpadding="0" cellspacing="0" class="summary_table">
<tr>
<td rowspan="4" class="icon" valign="top" align="center"><div class='scan_issue_high_certain_rpt'></div></td>
<td>Severity:&nbsp;&nbsp;</td>
<td><b>High</b></td>
</tr>
<tr>
<td>Confidence:&nbsp;&nbsp;</td>
<td><b>Certain</b></td>
</tr>
<tr>
<td>Host:&nbsp;&nbsp;</td>
<td><b>http://192.168.73.145:8081</b></td>
</tr>
<tr>
<td>Path:&nbsp;&nbsp;</td>
<td><b>/login.php</b></td>
</tr>
</table>
<h2>Issue detail</h2>
<span class="TEXT">The page contains a form with the following action URL, which is submitted over clear-text HTTP:<ul><li>http://192.168.73.145:8081/login.php</li></ul>The form contains the following password field:<ul><li>password</li></ul></span>
<h2>Request</h2>
<div class="rr_div"><span>GET /login.php HTTP/1.1<br>Host: 192.168.73.145:8081<br>User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/117.0<br>Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8<br>Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2<br>Accept-Encoding: gzip, deflate<br>Connection: close<br>Cookie: PHPSESSID=c9m0e9tr068p88c8kjjbu9pqi2; security=impossible<br>Upgrade-Insecure-Requests: 1<br><br></span></div>
<h2>Response</h2>
<div class="rr_div"><span>HTTP/1.1 200 OK<br>Date: Thu, 14 Sep 2023 10:50:49 GMT<br>Server: Apache/2.4.10 (Debian)<br>Expires: Tue, 23 Jun 2009 12:00:00 GMT<br>Cache-Control: no-cache, must-revalidate<br>Pragma: no-cache<br>Vary: Accept-Encoding<br>Content-Length: 1523<br>Connection: close<br>Content-Type: text/html;charset=utf-8<br><br><br>&lt;!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"&gt;<br><br>&lt;html xmlns="http://www.w3.org/1999/xhtml"&gt;<br><br> &nbsp;&nbsp;&nbsp;&lt;head&gt;<br><br> &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&lt;meta http-equiv="Content<br><b>...[SNIP]...</b><br>&lt;div id="content"&gt;<br><br> &nbsp;&nbsp;&nbsp;<span class="HIGHLIGHT">&lt;form action="login.php" method="post"&gt;</span><br><br> &nbsp;&nbsp;&nbsp;&lt;fieldset&gt;<br><b>...[SNIP]...</b><br>&lt;/label&gt; <span class="HIGHLIGHT">&lt;input type="password" class="loginInput" AUTOCOMPLETE="off" size="20" name="password"&gt;</span>&lt;br /&gt;<br><b>...[SNIP]...</b><br></span></div>
<div class="rule"></div>
<span class="BODH1" id="1.2">1.2.&nbsp;http://192.168.73.145:8081/vulnerabilities/brute/</span>
<br><a class="PREVNEXT" href="#1.1">Previous</a>
&nbsp;<a class="PREVNEXT" href="#1.3">Next</a>
<br>
<h2>Summary</h2>
<table cellpadding="0" cellspacing="0" class="summary_table">
<tr>
<td rowspan="4" class="icon" valign="top" align="center"><div class='scan_issue_high_certain_rpt'></div></td>
<td>Severity:&nbsp;&nbsp;</td>
<td><b>High</b></td>
</tr>
<tr>
<td>Confidence:&nbsp;&nbsp;</td>
<td><b>Certain</b></td>
</tr>
<tr>
<td>Host:&nbsp;&nbsp;</td>
<td><b>http://192.168.73.145:8081</b></td>
</tr>
<tr>
<td>Path:&nbsp;&nbsp;</td>
<td><b>/vulnerabilities/brute/</b></td>
</tr>
</table>
<h2>Issue detail</h2>
<span class="TEXT">The page contains a form with the following action URL, which is submitted over clear-text HTTP:<ul><li>http://192.168.73.145:8081/vulnerabilities/brute/</li></ul>The form contains the following password field:<ul><li>password</li></ul></span>
<h2>Request</h2>
<div class="rr_div"><span>GET /vulnerabilities/brute/ HTTP/1.1<br>Host: 192.168.73.145:8081<br>User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/117.0<br>Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8<br>Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2<br>Accept-Encoding: gzip, deflate<br>Connection: close<br>Referer: http://192.168.73.145:8081/index.php<br>Cookie: PHPSESSID=c9m0e9tr068p88c8kjjbu9pqi2; security=impossible<br>Upgrade-Insecure-Requests: 1<br><br></span></div>
<h2>Response</h2>
<div class="rr_div"><span>HTTP/1.1 200 OK<br>Date: Thu, 14 Sep 2023 10:51:29 GMT<br>Server: Apache/2.4.10 (Debian)<br>Expires: Tue, 23 Jun 2009 12:00:00 GMT<br>Cache-Control: no-cache, must-revalidate<br>Pragma: no-cache<br>Vary: Accept-Encoding<br>Content-Length: 4962<br>Connection: close<br>Content-Type: text/html;charset=utf-8<br><br><br>&lt;!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"&gt;<br><br>&lt;html xmlns="http://www.w3.org/1999/xhtml"&gt;<br><br> &nbsp;&nbsp;&nbsp;&lt;head&gt;<br> &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&lt;meta http-equiv="Content-T<br><b>...[SNIP]...</b><br>&lt;/h2&gt;<br><br> &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;<span class="HIGHLIGHT">&lt;form action="#" method="POST"&gt;</span><br> &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;Username:&lt;br /&gt;<br><b>...[SNIP]...</b><br>&lt;br /&gt;<br> &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;<span class="HIGHLIGHT">&lt;input type="password" AUTOCOMPLETE="off" name="password"&gt;</span>&lt;br /&gt;<br><b>...[SNIP]...</b><br></span></div>
<div class="rule"></div>
<span class="BODH1" id="1.3">1.3.&nbsp;http://192.168.73.145:8081/vulnerabilities/csrf/</span>
<br><a class="PREVNEXT" href="#1.2">Previous</a>
&nbsp;<a class="PREVNEXT" href="#4.1">Next</a>
<br>
<h2>Summary</h2>
<table cellpadding="0" cellspacing="0" class="summary_table">
<tr>
<td rowspan="4" class="icon" valign="top" align="center"><div class='scan_issue_high_certain_rpt'></div></td>
<td>Severity:&nbsp;&nbsp;</td>
<td><b>High</b></td>
</tr>
<tr>
<td>Confidence:&nbsp;&nbsp;</td>
<td><b>Certain</b></td>
</tr>
<tr>
<td>Host:&nbsp;&nbsp;</td>
<td><b>http://192.168.73.145:8081</b></td>
</tr>
<tr>
<td>Path:&nbsp;&nbsp;</td>
<td><b>/vulnerabilities/csrf/</b></td>
</tr>
</table>
<h2>Issue detail</h2>
<span class="TEXT">The page contains a form with the following action URL, which is submitted over clear-text HTTP:<ul><li>http://192.168.73.145:8081/vulnerabilities/csrf/</li></ul>The form contains the following password fields:<ul><li>password_current</li><li>password_new</li><li>password_conf</li></ul></span>
<h2>Request</h2>
<div class="rr_div"><span>GET /vulnerabilities/csrf/ HTTP/1.1<br>Host: 192.168.73.145:8081<br>User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/117.0<br>Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8<br>Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2<br>Accept-Encoding: gzip, deflate<br>Connection: close<br>Referer: http://192.168.73.145:8081/vulnerabilities/brute/<br>Cookie: PHPSESSID=c9m0e9tr068p88c8kjjbu9pqi2; security=impossible<br>Upgrade-Insecure-Requests: 1<br><br></span></div>
<h2>Response</h2>
<div class="rr_div"><span>HTTP/1.1 200 OK<br>Date: Thu, 14 Sep 2023 10:51:31 GMT<br>Server: Apache/2.4.10 (Debian)<br>Expires: Tue, 23 Jun 2009 12:00:00 GMT<br>Cache-Control: no-cache, must-revalidate<br>Pragma: no-cache<br>Vary: Accept-Encoding<br>Content-Length: 5012<br>Connection: close<br>Content-Type: text/html;charset=utf-8<br><br><br>&lt;!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"&gt;<br><br>&lt;html xmlns="http://www.w3.org/1999/xhtml"&gt;<br><br> &nbsp;&nbsp;&nbsp;&lt;head&gt;<br> &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&lt;meta http-equiv="Content-T<br><b>...[SNIP]...</b><br>&lt;br /&gt;<br><br> &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;<span class="HIGHLIGHT">&lt;form action="#" method="GET"&gt;</span><br> &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;Current password:&lt;br /&gt;<br> &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;<span class="HIGHLIGHT">&lt;input type="password" AUTOCOMPLETE="off" name="password_current"&gt;</span>&lt;br /&gt;<br><b>...[SNIP]...</b><br>&lt;br /&gt;<br> &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;<span class="HIGHLIGHT">&lt;input type="password" AUTOCOMPLETE="off" name="password_new"&gt;</span>&lt;br /&gt;<br><b>...[SNIP]...</b><br>&lt;br /&gt;<br> &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;<span class="HIGHLIGHT">&lt;input type="password" AUTOCOMPLETE="off" name="password_conf"&gt;</span>&lt;br /&gt;<br><b>...[SNIP]...</b><br></span></div>
<div class="rule"></div>
<span class="BODH0" id="2">2.&nbsp;<a href="https://portswigger.net/knowledgebase/issues/details/00400300_passwordsubmittedusinggetmethod">Password submitted using GET method</a></span>
<br><a class="PREVNEXT" href="#1">Previous</a>
&nbsp;<a class="PREVNEXT" href="#3">Next</a>
<br>
<h2>Summary</h2>
<table cellpadding="0" cellspacing="0" class="summary_table">
<tr>
<td rowspan="4" class="icon" valign="top" align="center"><div class='scan_issue_low_certain_rpt'></div></td>
<td>Severity:&nbsp;&nbsp;</td>
<td><b>Low</b></td>
</tr>
<tr>
<td>Confidence:&nbsp;&nbsp;</td>
<td><b>Certain</b></td>
</tr>
<tr>
<td>Host:&nbsp;&nbsp;</td>
<td><b>http://192.168.73.145:8081</b></td>
</tr>
<tr>
<td>Path:&nbsp;&nbsp;</td>
<td><b>/vulnerabilities/csrf/</b></td>
</tr>
</table>
<h2>Issue detail</h2>
<span class="TEXT">The page contains a form with the following action URL, which is submitted using the GET method:<ul><li>http://192.168.73.145:8081/vulnerabilities/csrf/</li></ul>The form contains the following password fields:<ul><li>password_current</li><li>password_new</li><li>password_conf</li></ul></span>
<h2>Issue background</h2>
<span class="TEXT"><p>Some applications use the GET method to submit passwords, which are transmitted within the query string of the requested URL. Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing passwords into the URL increases the risk that they will be captured by an attacker.</p>
<p>Vulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.</p></span>
<h2>Issue remediation</h2>
<span class="TEXT"><p>All forms submitting passwords should use the POST method. To achieve this, applications should specify the method attribute of the FORM tag as <b>method="POST"</b>. It may also be necessary to modify the corresponding server-side form handler to ensure that submitted passwords are properly retrieved from the message body, rather than the URL.
</p></span>
<h2>Vulnerability classifications</h2><span class="TEXT"><ul>
<li><a href="https://cwe.mitre.org/data/definitions/598.html">CWE-598: Information Exposure Through Query Strings in GET Request</a></li>
</ul></span>
<h2>Request</h2>
<div class="rr_div"><span>GET /vulnerabilities/csrf/ HTTP/1.1<br>Host: 192.168.73.145:8081<br>User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/117.0<br>Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8<br>Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2<br>Accept-Encoding: gzip, deflate<br>Connection: close<br>Referer: http://192.168.73.145:8081/vulnerabilities/brute/<br>Cookie: PHPSESSID=c9m0e9tr068p88c8kjjbu9pqi2; security=impossible<br>Upgrade-Insecure-Requests: 1<br><br></span></div>
<h2>Response</h2>
<div class="rr_div"><span>HTTP/1.1 200 OK<br>Date: Thu, 14 Sep 2023 10:51:31 GMT<br>Server: Apache/2.4.10 (Debian)<br>Expires: Tue, 23 Jun 2009 12:00:00 GMT<br>Cache-Control: no-cache, must-revalidate<br>Pragma: no-cache<br>Vary: Accept-Encoding<br>Content-Length: 5012<br>Connection: close<br>Content-Type: text/html;charset=utf-8<br><br><br>&lt;!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"&gt;<br><br>&lt;html xmlns="http://www.w3.org/1999/xhtml"&gt;<br><br> &nbsp;&nbsp;&nbsp;&lt;head&gt;<br> &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&lt;meta http-equiv="Content-T<br><b>...[SNIP]...</b><br>&lt;br /&gt;<br><br> &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;<span class="HIGHLIGHT">&lt;form action="#" method="GET"&gt;</span><br> &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;Current password:&lt;br /&gt;<br> &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;<span class="HIGHLIGHT">&lt;input type="password" AUTOCOMPLETE="off" name="password_current"&gt;</span>&lt;br /&gt;<br><b>...[SNIP]...</b><br>&lt;br /&gt;<br> &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;<span class="HIGHLIGHT">&lt;input type="password" AUTOCOMPLETE="off" name="password_new"&gt;</span>&lt;br /&gt;<br><b>...[SNIP]...</b><br>&lt;br /&gt;<br> &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;<span class="HIGHLIGHT">&lt;input type="password" AUTOCOMPLETE="off" name="password_conf"&gt;</span>&lt;br /&gt;<br><b>...[SNIP]...</b><br></span></div>
<div class="rule"></div>
<span class="BODH0" id="3">3.&nbsp;<a href="https://portswigger.net/knowledgebase/issues/details/01000200_unencryptedcommunications">Unencrypted communications</a></span>
<br><a class="PREVNEXT" href="#2">Previous</a>
&nbsp;<a class="PREVNEXT" href="#4">Next</a>
<br>
<h2>Summary</h2>
<table cellpadding="0" cellspacing="0" class="summary_table">
<tr>
<td rowspan="4" class="icon" valign="top" align="center"><div class='scan_issue_low_certain_rpt'></div></td>
<td>Severity:&nbsp;&nbsp;</td>
<td><b>Low</b></td>
</tr>
<tr>
<td>Confidence:&nbsp;&nbsp;</td>
<td><b>Certain</b></td>
</tr>
<tr>
<td>Host:&nbsp;&nbsp;</td>
<td><b>http://192.168.73.145:8081</b></td>
</tr>
<tr>
<td>Path:&nbsp;&nbsp;</td>
<td><b>/</b></td>
</tr>
</table>
<h2>Issue description</h2>
<span class="TEXT"><p>The application allows users to connect to it over unencrypted connections.  An attacker suitably positioned to view a legitimate user's network traffic could record and monitor their interactions with the application and obtain any information the user supplies. Furthermore, an attacker able to modify traffic could use the application as a platform for attacks against its users and third-party websites. Unencrypted connections have been exploited by ISPs and governments to track users, and to inject adverts and malicious JavaScript. Due to these concerns, web browser vendors are planning to visually flag unencrypted connections as hazardous.</p>
<p>
To exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure.
</p>
<p>Please note that using a mixture of encrypted and unencrypted communications is an ineffective defense against active attackers, because they can easily remove references to encrypted resources when these references are transmitted over an unencrypted connection.</p></span>
<h2>Issue remediation</h2>
<span class="TEXT"><p>Applications should use transport-level encryption (SSL/TLS) to protect all communications passing between the client and the server. The Strict-Transport-Security HTTP header should be used to ensure that clients refuse to access the server over an insecure connection.</p></span>
<h2>References</h2>
<span class="TEXT"><ul>
<li><a href="https://www.chromium.org/Home/chromium-security/marking-http-as-non-secure">Marking HTTP as non-secure</a></li>
<li><a href="https://wiki.mozilla.org/Security/Server_Side_TLS">Configuring Server-Side SSL/TLS</a></li>
<li><a href="https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security">HTTP Strict Transport Security</a></li>
</ul></span>
<h2>Vulnerability classifications</h2><span class="TEXT"><ul>
<li><a href="https://cwe.mitre.org/data/definitions/326.html">CWE-326: Inadequate Encryption Strength</a></li>
</ul></span>
<div class="rule"></div>
<span class="BODH0" id="4">4.&nbsp;<a href="https://portswigger.net/knowledgebase/issues/details/005009a0_frameableresponsepotentialclickjacking">Frameable response (potential Clickjacking)</a></span>
<br><a class="PREVNEXT" href="#3">Previous</a>
<br>
<br><span class="TEXT">There are 6 instances of this issue:
<ul>
<li><a href="#4.1">/index.php</a></li>
<li><a href="#4.2">/login.php</a></li>
<li><a href="#4.3">/setup.php</a></li>
<li><a href="#4.4">/vulnerabilities/brute/</a></li>
<li><a href="#4.5">/vulnerabilities/csrf/</a></li>
<li><a href="#4.6">/vulnerabilities/exec/</a></li>
</ul></span>
<h2>Issue description</h2>
<span class="TEXT"><p>If a page fails to set an appropriate X-Frame-Options or Content-Security-Policy HTTP header, it might be possible for a page controlled by an attacker to load it within an iframe. This may enable a clickjacking attack, in which the attacker's page overlays the target application's interface with a different interface provided by the attacker. By inducing victim users to perform actions such as mouse clicks and keystrokes, the attacker can cause them to unwittingly carry out actions within the application that is being targeted. This technique allows the attacker to circumvent defenses against cross-site request forgery, and may result in unauthorized actions.</p>
<p>Note that some applications attempt to prevent these attacks from within the HTML page itself, using "framebusting" code. However, this type of defense is normally ineffective and can usually be circumvented by a skilled attacker.</p>
<p>You should determine whether any functions accessible within frameable pages can be used by application users to perform any sensitive actions within the application. </p></span>
<h2>Issue remediation</h2>
<span class="TEXT"><p>To effectively prevent framing attacks, the application should return a response header with the name <b>X-Frame-Options</b> and the value <b>DENY</b> to prevent framing altogether, or the value <b>SAMEORIGIN</b> to allow framing only by pages on the same origin as the response itself. Note that the SAMEORIGIN header can be partially bypassed if the application itself can be made to frame untrusted websites.</p></span>
<h2>References</h2>
<span class="TEXT"><ul><li><a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options">X-Frame-Options</a></li></ul></span>
<h2>Vulnerability classifications</h2><span class="TEXT"><ul>
<li><a href="https://cwe.mitre.org/data/definitions/693.html">CWE-693: Protection Mechanism Failure</a></li>
</ul></span>
<br><br><div class="rule"></div>
<span class="BODH1" id="4.1">4.1.&nbsp;http://192.168.73.145:8081/index.php</span>
<br><a class="PREVNEXT" href="#1.3">Previous</a>
&nbsp;<a class="PREVNEXT" href="#4.2">Next</a>
<br>
<h2>Summary</h2>
<table cellpadding="0" cellspacing="0" class="summary_table">
<tr>
<td rowspan="4" class="icon" valign="top" align="center"><div class='scan_issue_info_firm_rpt'></div></td>
<td>Severity:&nbsp;&nbsp;</td>
<td><b>Information</b></td>
</tr>
<tr>
<td>Confidence:&nbsp;&nbsp;</td>
<td><b>Firm</b></td>
</tr>
<tr>
<td>Host:&nbsp;&nbsp;</td>
<td><b>http://192.168.73.145:8081</b></td>
</tr>
<tr>
<td>Path:&nbsp;&nbsp;</td>
<td><b>/index.php</b></td>
</tr>
</table>
<h2>Request</h2>
<div class="rr_div"><span>GET /index.php HTTP/1.1<br>Host: 192.168.73.145:8081<br>User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/117.0<br>Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8<br>Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2<br>Accept-Encoding: gzip, deflate<br>Referer: http://192.168.73.145:8081/login.php<br>Connection: close<br>Cookie: PHPSESSID=c9m0e9tr068p88c8kjjbu9pqi2; security=impossible<br>Upgrade-Insecure-Requests: 1<br><br></span></div>
<h2>Response</h2>
<div class="rr_div"><span>HTTP/1.1 200 OK<br>Date: Thu, 14 Sep 2023 10:51:23 GMT<br>Server: Apache/2.4.10 (Debian)<br>Expires: Tue, 23 Jun 2009 12:00:00 GMT<br>Cache-Control: no-cache, must-revalidate<br>Pragma: no-cache<br>Vary: Accept-Encoding<br>Content-Length: 7274<br>Connection: close<br>Content-Type: text/html;charset=utf-8<br><br><br>&lt;!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"&gt;<br><br>&lt;html xmlns="http://www.w3.org/1999/xhtml"&gt;<br><br> &nbsp;&nbsp;&nbsp;&lt;head&gt;<br> &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&lt;meta http-equiv="Content-T<br><b>...[SNIP]...</b><br></span></div>
<div class="rule"></div>
<span class="BODH1" id="4.2">4.2.&nbsp;http://192.168.73.145:8081/login.php</span>
<br><a class="PREVNEXT" href="#4.1">Previous</a>
&nbsp;<a class="PREVNEXT" href="#4.3">Next</a>
<br>
<h2>Summary</h2>
<table cellpadding="0" cellspacing="0" class="summary_table">
<tr>
<td rowspan="4" class="icon" valign="top" align="center"><div class='scan_issue_info_firm_rpt'></div></td>
<td>Severity:&nbsp;&nbsp;</td>
<td><b>Information</b></td>
</tr>
<tr>
<td>Confidence:&nbsp;&nbsp;</td>
<td><b>Firm</b></td>
</tr>
<tr>
<td>Host:&nbsp;&nbsp;</td>
<td><b>http://192.168.73.145:8081</b></td>
</tr>
<tr>
<td>Path:&nbsp;&nbsp;</td>
<td><b>/login.php</b></td>
</tr>
</table>
<h2>Request</h2>
<div class="rr_div"><span>GET /login.php HTTP/1.1<br>Host: 192.168.73.145:8081<br>User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/117.0<br>Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8<br>Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2<br>Accept-Encoding: gzip, deflate<br>Connection: close<br>Cookie: PHPSESSID=c9m0e9tr068p88c8kjjbu9pqi2; security=impossible<br>Upgrade-Insecure-Requests: 1<br><br></span></div>
<h2>Response</h2>
<div class="rr_div"><span>HTTP/1.1 200 OK<br>Date: Thu, 14 Sep 2023 10:50:49 GMT<br>Server: Apache/2.4.10 (Debian)<br>Expires: Tue, 23 Jun 2009 12:00:00 GMT<br>Cache-Control: no-cache, must-revalidate<br>Pragma: no-cache<br>Vary: Accept-Encoding<br>Content-Length: 1523<br>Connection: close<br>Content-Type: text/html;charset=utf-8<br><br><br>&lt;!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"&gt;<br><br>&lt;html xmlns="http://www.w3.org/1999/xhtml"&gt;<br><br> &nbsp;&nbsp;&nbsp;&lt;head&gt;<br><br> &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&lt;meta http-equiv="Content<br><b>...[SNIP]...</b><br></span></div>
<div class="rule"></div>
<span class="BODH1" id="4.3">4.3.&nbsp;http://192.168.73.145:8081/setup.php</span>
<br><a class="PREVNEXT" href="#4.2">Previous</a>
&nbsp;<a class="PREVNEXT" href="#4.4">Next</a>
<br>
<h2>Summary</h2>
<table cellpadding="0" cellspacing="0" class="summary_table">
<tr>
<td rowspan="4" class="icon" valign="top" align="center"><div class='scan_issue_info_firm_rpt'></div></td>
<td>Severity:&nbsp;&nbsp;</td>
<td><b>Information</b></td>
</tr>
<tr>
<td>Confidence:&nbsp;&nbsp;</td>
<td><b>Firm</b></td>
</tr>
<tr>
<td>Host:&nbsp;&nbsp;</td>
<td><b>http://192.168.73.145:8081</b></td>
</tr>
<tr>
<td>Path:&nbsp;&nbsp;</td>
<td><b>/setup.php</b></td>
</tr>
</table>
<h2>Request</h2>
<div class="rr_div"><span>GET /setup.php HTTP/1.1<br>Host: 192.168.73.145:8081<br>User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/117.0<br>Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8<br>Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2<br>Accept-Encoding: gzip, deflate<br>Referer: http://192.168.73.145:8081/login.php<br>Connection: close<br>Cookie: PHPSESSID=c9m0e9tr068p88c8kjjbu9pqi2; security=impossible<br>Upgrade-Insecure-Requests: 1<br><br></span></div>
<h2>Response</h2>
<div class="rr_div"><span>HTTP/1.1 200 OK<br>Date: Thu, 14 Sep 2023 10:51:06 GMT<br>Server: Apache/2.4.10 (Debian)<br>Expires: Tue, 23 Jun 2009 12:00:00 GMT<br>Cache-Control: no-cache, must-revalidate<br>Pragma: no-cache<br>Vary: Accept-Encoding<br>Content-Length: 3789<br>Connection: close<br>Content-Type: text/html;charset=utf-8<br><br><br>&lt;!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"&gt;<br><br>&lt;html xmlns="http://www.w3.org/1999/xhtml"&gt;<br><br> &nbsp;&nbsp;&nbsp;&lt;head&gt;<br> &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&lt;meta http-equiv="Content-T<br><b>...[SNIP]...</b><br></span></div>
<div class="rule"></div>
<span class="BODH1" id="4.4">4.4.&nbsp;http://192.168.73.145:8081/vulnerabilities/brute/</span>
<br><a class="PREVNEXT" href="#4.3">Previous</a>
&nbsp;<a class="PREVNEXT" href="#4.5">Next</a>
<br>
<h2>Summary</h2>
<table cellpadding="0" cellspacing="0" class="summary_table">
<tr>
<td rowspan="4" class="icon" valign="top" align="center"><div class='scan_issue_info_firm_rpt'></div></td>
<td>Severity:&nbsp;&nbsp;</td>
<td><b>Information</b></td>
</tr>
<tr>
<td>Confidence:&nbsp;&nbsp;</td>
<td><b>Firm</b></td>
</tr>
<tr>
<td>Host:&nbsp;&nbsp;</td>
<td><b>http://192.168.73.145:8081</b></td>
</tr>
<tr>
<td>Path:&nbsp;&nbsp;</td>
<td><b>/vulnerabilities/brute/</b></td>
</tr>
</table>
<h2>Request</h2>
<div class="rr_div"><span>GET /vulnerabilities/brute/ HTTP/1.1<br>Host: 192.168.73.145:8081<br>User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/117.0<br>Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8<br>Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2<br>Accept-Encoding: gzip, deflate<br>Connection: close<br>Referer: http://192.168.73.145:8081/index.php<br>Cookie: PHPSESSID=c9m0e9tr068p88c8kjjbu9pqi2; security=impossible<br>Upgrade-Insecure-Requests: 1<br><br></span></div>
<h2>Response</h2>
<div class="rr_div"><span>HTTP/1.1 200 OK<br>Date: Thu, 14 Sep 2023 10:51:29 GMT<br>Server: Apache/2.4.10 (Debian)<br>Expires: Tue, 23 Jun 2009 12:00:00 GMT<br>Cache-Control: no-cache, must-revalidate<br>Pragma: no-cache<br>Vary: Accept-Encoding<br>Content-Length: 4962<br>Connection: close<br>Content-Type: text/html;charset=utf-8<br><br><br>&lt;!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"&gt;<br><br>&lt;html xmlns="http://www.w3.org/1999/xhtml"&gt;<br><br> &nbsp;&nbsp;&nbsp;&lt;head&gt;<br> &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&lt;meta http-equiv="Content-T<br><b>...[SNIP]...</b><br></span></div>
<div class="rule"></div>
<span class="BODH1" id="4.5">4.5.&nbsp;http://192.168.73.145:8081/vulnerabilities/csrf/</span>
<br><a class="PREVNEXT" href="#4.4">Previous</a>
&nbsp;<a class="PREVNEXT" href="#4.6">Next</a>
<br>
<h2>Summary</h2>
<table cellpadding="0" cellspacing="0" class="summary_table">
<tr>
<td rowspan="4" class="icon" valign="top" align="center"><div class='scan_issue_info_firm_rpt'></div></td>
<td>Severity:&nbsp;&nbsp;</td>
<td><b>Information</b></td>
</tr>
<tr>
<td>Confidence:&nbsp;&nbsp;</td>
<td><b>Firm</b></td>
</tr>
<tr>
<td>Host:&nbsp;&nbsp;</td>
<td><b>http://192.168.73.145:8081</b></td>
</tr>
<tr>
<td>Path:&nbsp;&nbsp;</td>
<td><b>/vulnerabilities/csrf/</b></td>
</tr>
</table>
<h2>Request</h2>
<div class="rr_div"><span>GET /vulnerabilities/csrf/ HTTP/1.1<br>Host: 192.168.73.145:8081<br>User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/117.0<br>Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8<br>Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2<br>Accept-Encoding: gzip, deflate<br>Connection: close<br>Referer: http://192.168.73.145:8081/vulnerabilities/brute/<br>Cookie: PHPSESSID=c9m0e9tr068p88c8kjjbu9pqi2; security=impossible<br>Upgrade-Insecure-Requests: 1<br><br></span></div>
<h2>Response</h2>
<div class="rr_div"><span>HTTP/1.1 200 OK<br>Date: Thu, 14 Sep 2023 10:51:31 GMT<br>Server: Apache/2.4.10 (Debian)<br>Expires: Tue, 23 Jun 2009 12:00:00 GMT<br>Cache-Control: no-cache, must-revalidate<br>Pragma: no-cache<br>Vary: Accept-Encoding<br>Content-Length: 5012<br>Connection: close<br>Content-Type: text/html;charset=utf-8<br><br><br>&lt;!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"&gt;<br><br>&lt;html xmlns="http://www.w3.org/1999/xhtml"&gt;<br><br> &nbsp;&nbsp;&nbsp;&lt;head&gt;<br> &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&lt;meta http-equiv="Content-T<br><b>...[SNIP]...</b><br></span></div>
<div class="rule"></div>
<span class="BODH1" id="4.6">4.6.&nbsp;http://192.168.73.145:8081/vulnerabilities/exec/</span>
<br><a class="PREVNEXT" href="#4.5">Previous</a>
<br>
<h2>Summary</h2>
<table cellpadding="0" cellspacing="0" class="summary_table">
<tr>
<td rowspan="4" class="icon" valign="top" align="center"><div class='scan_issue_info_firm_rpt'></div></td>
<td>Severity:&nbsp;&nbsp;</td>
<td><b>Information</b></td>
</tr>
<tr>
<td>Confidence:&nbsp;&nbsp;</td>
<td><b>Firm</b></td>
</tr>
<tr>
<td>Host:&nbsp;&nbsp;</td>
<td><b>http://192.168.73.145:8081</b></td>
</tr>
<tr>
<td>Path:&nbsp;&nbsp;</td>
<td><b>/vulnerabilities/exec/</b></td>
</tr>
</table>
<h2>Request</h2>
<div class="rr_div"><span>GET /vulnerabilities/exec/ HTTP/1.1<br>Host: 192.168.73.145:8081<br>User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/117.0<br>Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8<br>Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2<br>Accept-Encoding: gzip, deflate<br>Connection: close<br>Referer: http://192.168.73.145:8081/vulnerabilities/csrf/<br>Cookie: PHPSESSID=c9m0e9tr068p88c8kjjbu9pqi2; security=impossible<br>Upgrade-Insecure-Requests: 1<br><br></span></div>
<h2>Response</h2>
<div class="rr_div"><span>HTTP/1.1 200 OK<br>Date: Thu, 14 Sep 2023 10:51:33 GMT<br>Server: Apache/2.4.10 (Debian)<br>Expires: Tue, 23 Jun 2009 12:00:00 GMT<br>Cache-Control: no-cache, must-revalidate<br>Pragma: no-cache<br>Vary: Accept-Encoding<br>Content-Length: 4805<br>Connection: close<br>Content-Type: text/html;charset=utf-8<br><br><br>&lt;!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"&gt;<br><br>&lt;html xmlns="http://www.w3.org/1999/xhtml"&gt;<br><br> &nbsp;&nbsp;&nbsp;&lt;head&gt;<br> &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&lt;meta http-equiv="Content-T<br><b>...[SNIP]...</b><br></span></div>
<div class="rule"></div>
<span class="TEXT"><br>Report generated by Burp Suite <a href="https://portswigger.net/vulnerability-scanner/">web vulnerability scanner</a> v2020.2, at Thu Sep 14 10:57:39 CST 2023.<br><br></span>
</div>
</body>
</html>
